IT Systems Based Information Security Examinations, Audits & Solutions
- System Operation Security
- IT Network Security & Internet Border Security
- Remote Border Security Scanning
These audits examine the IT systems and their components approaching from information technology. The goals of these audits are to discover whether the IT system can serve accordingly to the company’s business processes considering operation security, border security, various external & internal threats protection, etc.
The scope of these exams can be exclusively focused to the IT systems and its elements without the examination and analysis of their affects to the business processes, but the results of these exams can be used to analyze the threats of business continuity (highly recommended!).
Threats and dangers can be analyzed based on results of these audits thus the risks of business continuity can be analyzed in both qualitative and quantitative manners.
The audit point out whether the IT system is compliant with the requirements claimed by the business process. E.g.: Can a certain subsystem be restored within the vulnerability gap? What is the availability of the necessary resource set? Etc.
System Operation Security
The continuous operation and business continuity of most companies is largely dependent on the ability of their IT systems to operate continuously. In case of unwanted system halt (could be the whole system or just a part of it), the company may suffer significant immediate/direct and/or collateral damages and expenses.
Using the result of Operation Security Examinations and/or Audits the factors (source of failures, dangers, etc.) endangering the continuous and stable operation of the system are discovered. In certain cases even the use of those audits can prevent system disasters.
The result of these exams and audits are calculations displaying the existing and available Vulnerability Gaps (time frame for system restoration) in reference to certain parts of the system. These Vulnerability Gaps are showing the time frames available for system restoration with the available resource sets, solutions and plans. The results can be used to determine whether the given IT system or the whole system has the ability to restore itself within the time frame dictated by the business needs.
For each system an Operation Continuity and/or Disaster Recovery Plan should be completed. In case of a disaster these plans can be used as guides to an organized reaction and fast IT system operation recovery.
The steps of an examination are:
- Operation Continuity audits.
- Audit of the Disaster Recovery ability.
- Discovering and mapping of internal operational threats, risk factors.
- Calculating and Analyzing Business Risk levels. Calculating and analyzing direct/immediate and collateral damages and expenses, and the presumption of supervention.
- Surveying existing Disaster Recovery and Incident Management abilities.
- Improving Disaster Recovery and the ability of reducing damages.
- Creating the ability of Disaster Recovery or its development to the required level.
- Creation, test, implementation, verification and support of complete Operation Continuity Plans (OCP), Disaster Recovery Plans (DRP) and Business Continuity Plans (BCP).
- Completion of crisis communication plans (from the aspect of content & organization).
IT Network Security & Internet Border Security
Information and operation security is often endangered by network based incidents originating from external or internal sources. This means higher risk to a company which builds more and more business process upon the opportunity of internet.
The system and the information is further exposed to even higher risks because of the rush of internet based attack methods.
Thus it is very important to manage the Network Security & Internet Border Security with emphasis on it.
Security.hu has considerable experience and corresponding technology background in preventing and solving Network Security & Border Security incidents.
The preferred and recommended arrangements are preventive, but in case of already happened incidents we are ready to assist and help as well. We can furthermore assist in the planning and adaptation of post and post-preventive arrangements.
The content of the recommendations are consisting of organizational, administrative and IT security steps.
These recommendations may advise the acquisition of new hardware and/or software elements and their integrations into the existing client system.
Security.hu is not committed to any vendor/brand, but we are ready to assist in finding, purchasing, and integrating hardware and software elements if needed. In that case our first priority is to provide a solution which effectively blends into the client’s system and fulfills the requirements.
- Network Security & Border Security Audit
- Discovering external & internal penetration points, possibilities of vulnerabilities and threats.
- Mapping of the vulnerability points.
- Business Risk Analysis of vulnerability points. Calculating and analyzing immediate/direct and collateral damages and expenses and the presumption of supervention.
- Recommendation of intrusion & border protection system & arrangements.
- Implementation, test, support etc... of the Intrusion & Border Protection System.
- Incident Management
- Discovering Border Security incidents.
- Elimination of damages.
- Assistance in creation of post- and post-preventive arrangements.
Remote Border Security Scanning
Recommended to clients not implementing a complete audit of their IT security system, but occasionally or even regularly need a check of their internet infrastructure system against the threats. An estimation of the level of protection shown against malicious penetrations and intrusions.
During the test we scan the client’s network border system using pre-determined and configured methods in daily/weekly frequency studying its protection against internal attacks.
The result of the scan is a Scan Report sent to the appointed client contact. The threats and vulnerabilities are classified in the report and in certain cases the recommended actions are also included.